Mozilla Firefox Privacy Policy

Archived, January 8, 2009

We’re working hard to protect your privacy while delivering products and services that bring you the performance and protection you desire in your personal computing. This privacy policy explains how Mozilla Corporation (“Mozilla”), a wholly-owned subsidiary of the non-profit Mozilla Foundation, collects and uses information about users of the official Mozilla Firefox® web browser (“Firefox”). It does not apply to other Mozilla websites, products or services.

Types of Information

As with most Internet web browsers, Firefox sends certain information to the websites that you visit. This information falls into the following categories:

“Personal Information” is information that you provide to us that personally identifies you, such as your name, phone number or email address. Except as described below, Mozilla does not collect or require end-users of Firefox to furnish Personal Information.

“Non-Personal Information” is information that cannot be directly associated with a specific person or entity. Non-Personal Information includes but is not limited to your computer’s configuration and the version of Firefox you use.

“Potentially Personal Information” is information that is Non-Personal Information in and of itself but that could be used in conjunction with other information to personally identify you. For example, Uniform Resource Locators (“URLs”) (the addresses of web pages) and Internet Protocol (“IP”) addresses (the addresses of computers on the internet), which are Non-Personal Information in and of themselves, could be Personal Information when combined with internet service provider (“ISP”) records.

“Aggregate Data” is information that is recorded about users and collected into groups so that it no longer reflects or references an individually identifiable user.

Information Firefox Sends to Websites

Like most web browsers, Firefox sends information to the websites you visit, including (1) Non-Personal Information of the type that web browsers typically make available, such as the type of browser you are using, your language preference, the referring site, and the date and time of your visit; and (2) Potentially Personal Information such as your IP address. This information may be logged on the websites you visit. What information is logged and how that information is used depends on the policies of each of the websites you visit.

Each website determines its own privacy policy for the distribution and use of this Non-Personal Information and Potentially Personal Information. If you are concerned about how a website will use this information, check out its privacy policy. To find out more about how Mozilla uses this information on its own websites, see the Mozilla Privacy Policy.

Interactive Product Features

Mozilla has additional interactive product features, some of which are provided by third party service providers, which additional interactive features are available depends on the version of Firefox you are using.

Crash-Reporting Feature

Firefox has a crash-reporting feature that sends a report to Mozilla when Firefox crashes. Mozilla uses the information in the crash reports to diagnose and correct the problems in Firefox that caused the crash. Though this feature starts automatically after Firefox crashes, it does not send information to Mozilla until you explicitly authorize it to do so. By default, this feature sends a variety of Non-Personal Information to Mozilla, including the stack trace (a detailed description of which parts of the Firefox code were active at the time of the crash) and the type of computer you are using. Additional information is collected by the crash reporting feature. Which crash reporting feature is used and what additional information collected by Firefox depends on which version of Firefox you’re using.

Firefox 1.0 – 2.x.

For these earlier versions of Firefox, “Talkback” is Firefox’s crash reporting feature. Talkback also collects Personal Information (including your name and email address) and Potentially Personal Information (including your IP address, your computer’s name, and the processes you were running at the time of the crash). You can selectively disable the sending of this information. Additionally, you have the option to include the URL of the site you were visiting when Firefox crashed, a comment, and your email address in the report. Mozilla only makes Non-Personal Information and Potentially Personal Information in the public reports available online at http://talkback-public.mozilla.org/.

Firefox 3.0 to 3.x.

For the current versions of Firefox, “Firefox Crash Reporter” is Firefox’s crash reporting feature. With this feature, you have the option to include the URL of the site you were visiting when Firefox crashed, a comment, and your email address in the report. Firefox Crash Reporter also sends a list of all add-ons that you were using at the time of the crash, the time since (i) the last crash, (ii) the last install, and (iii) the start-up of the program. For Firefox 3.0.0 – 3.05, Firefox Crash Reporter also collects Potentially Personal Information to Mozilla in the form of a unique alphanumeric value to distinguish individual Firefox installs. This value is not assigned to users of Firefox 3.0.6 and subsequent versions. Mozilla only makes Non-Personal Information (i.e., generic information about your computer, the stack trace, and any comment given by the user) in the public reports available online at http://crash-stats.mozilla.com/.

To safeguard your privacy, Mozilla makes the Personal Information, such as your name and email address, and Potentially Personal Information, such are the URL of the site you last visited, only available to its employees, contractors, and selected contributors who signed confidentiality agreements that prohibit them from using or disclosing such information other than for internal Mozilla purposes.

Report Broken Web Site Feature

Firefox’s Report Broken Web Site feature lets you notify Mozilla when a website you visit improperly displays or incorrectly functions. The feature sends the URL of the broken website to Mozilla. You may also choose to send your email address and a description of the problem. This feature also sends a variety of Non-Personal Information to Mozilla, including but not limited to the version of Firefox you are using and your language preference. Except for your email address, Mozilla makes all of this information public. This feature does not send information to Mozilla until you explicitly authorize Firefox to do so. To prevent this public release of Personal and Potentially Personal Information, don’t report a website if the website’s URL contains your Personal and Potentially Personal Information, and don’t include Personal Information in your description of the problem. To prevent the release of any information, don’t use this feature to report a broken website.

Report Web Forgery Feature

Firefox’s Report Web Forgery feature lets you report suspected web forgeries to Mozilla’s third party service provider(s) for the web forgery protection feature when you encounter a suspected malicious “phishing” or fraudulent website that is impersonating a legitimate website. This feature sends your comments about the suspected fraudulent website to our third-party provider(s), as well as the same information that the browser sends when you visit a website. Each of our third-party providers are under licensing agreements with Mozilla and will not release Potentially Personal Information to the public. These third party providers only use this information in conjunction with the web forgery protection service they are providing. In addition, each third-party provider has its own privacy policy that is linked to the online form where you report a potential web forgery. To prevent the third party provider from obtaining this information, don’t use this feature to report a web forgery. (Also see “Protection Against Suspected Forgery and Attack Sites Features” below.)

Automated Update Service

Firefox’s automatic update feature periodically checks to see if an updated version of Firefox and installed add-ons are available from Mozilla.

Firefox

This feature sends Non-Personal Information to Mozilla, including the version of Firefox you are using, build ID and target, update channel, your operating system, and your language preference. This feature also sends Potentially Personal Information to Mozilla in the form of a cookie named “aus” that contains a unique numeric value to distinguish individual Firefox installs. Mozilla uses this information to provide you with updated versions of Firefox and to understand the usage patterns of Firefox users. We use this information to improve our products and services and to support decision making regarding feature and capacity planning.

Add-ons

The add-ons update version check sends Non-Personal Information to Mozilla, including the version of Firefox you are using, version of the add-ons you have installed, build ID and target, update channel, your operating system, and your language preference with each check of an add-on that uses https://addons.mozilla.org/en-US/firefox/ as its update host. If any of your add-ons use a third party update URL, Firefox will check that URL for updates to those add-ons.

We do not collect or track any Personal Information or any information about the Web sites you visit, and we do not release the raw information we obtain from these features to the public. We may release reports containing Aggregate Data so that our global community can make better product and design decisions. To prevent Mozilla from obtaining this information, you can turn this feature off in Firefox’s preferences. An article in our Firefox Knowledge Base gives you information about changing your preferences.

Add-ons Features.

One thing that makes Firefox so flexible is the ability for you to add various add-ons, extensions, and themes to Firefox, thereby creating a custom browser that fits your needs. The following features show how Firefox 3.x provides both the ability to obtain additional add-ons easily and to protect against potentially harmful add-ons.

Get Add-ons Feature

Firefox 3.x offers a Get Add-ons Feature. This feature creates a list of recommended add-ons and extensions to try. You access this recommended list by clicking on the “Get Add-ons” tab from the Firefox Add-ons Manager. We do not collect any Personal Information. To display the recommended list, Firefox sends Non-Personal Information to Mozilla, including the type of computer and version of Firefox you are using as well as any cookies set by https://addons.mozilla.org.

Blocklist Feature

Firefox 3.x also offers a Blocklist feature. With this feature, once a day Firefox does a regularly scheduled, automatic check to see if you have any harmful add-ons or plug-ins installed. If so, this feature disables add-ons or plug-ins that Mozilla has determined contain known vulnerabilities or major user facing issues or fatal bugs (e.g., client crashes on startup or something causing an endless loop of unusability). You may view the current list of Blocklisted items. This feature sends Non-Personal Information to Mozilla, including the version of Firefox you are using, operating system version, build ID and target, update channel, and your language preference. In addition, Mozilla also uses this feature to count the number of active Firefox users. Currently there is no basic user interface to disable the Blocklist feature. An article in our Firefox Knowledge Base explains how you may disable the Blocklist feature. Disabling the Blocklist feature is not recommended as it may result in using extensions know to be untrustworthy. More information about the Blocklist feature may be found at https://wiki.mozilla.org/Extension_Blocklisting.

Security Features

Beginning with Firefox 2.0, Mozilla has additional security features, some of which are provided by third party service providers. The security features available depend on the version of Firefox you are using.which security features are available depends on the version of Firefox you are using.

Firefox 2.0 to 2.x.

Protection Against Suspected Forgery Sites

The Firefox web forgery protection feature displays a warning if the website you are visiting is suspected of impersonating a legitimate website. Firefox lets you select various levels of protection, and different information is transmitted by Firefox depending on the level you choose.

By default, Firefox checks the web pages that you visit against a list of suspected web forgeries (a “blacklist”) that is downloaded to your hard drive at regularly scheduled intervals (e.g., approximately twice per hour), the rate of frequency may change from time to time. If there is a match, Firefox displays a “Suspected Web Forgery” alert. Each time Firefox checks in with the third party provider to download a new blacklist, Non-Personal Information and Potentially Personal Information, such as the information that the browser sends every time you visit a website as well as the version number of the blacklist on your system, is sent to the third party provider. In order to safeguard your privacy, Firefox will not transmit the URL of web pages that you visit in this default mode to anyone.

Alternately, you can check the web pages you visit against an online list that is provided by a third party service. When you select this option, Firefox sends the URL of the web page, in addition to your IP address and other Non-Personal Information, to the selected third party service provider. Firefox displays a “Suspected Web Forgery” alert if the third party service provider returns with a response indicating that the URL you are accessing is a suspected web forgery. This feature will no longer be available 180 days after the release of Firefox 3.0.

You may completely turn off the web forgery protection feature in Firefox’s preferences. If you do this, none of the information discussed here will be downloaded to your hard drive or sent to any third party service provider. An article in our Firefox Knowledge Base gives you information about changing your preferences.

Each time Firefox checks in with the third party provider to download a new blacklist, Non-Personal Information and Potentially Personal Information, such as the information that the browser sends every time you visit a website as well as the version number of the blacklist on your system, is sent to the third party provider. In order to safeguard your privacy, Firefox will not transmit the complete URL of web pages that you visit to anyone. While it is possible that a third party service provider may determine the actual URL from the hashed URL sent, Mozilla’s third party service providers have entered into a written agreement with Mozilla not to use any data or other information about or from users of Firefox for purposes other than to provide and maintain their service. In addition, in no event will these third party service providers correlate any Firefox user data with any other data collected through other products, services or web properties of that provider. These third party service providers may inform you about additional notices regarding their applicable privacy policies.

Firefox 3.0 to 3.x

Secure Website Certificate Verification

When you visit a secure website, Firefox will check with the certificate provider to validate that website’s certificate. Firefox sends only the certificate identification to the certificate provider, not the exact URL you are visiting. If the certificate is not valid, you will receive an error page that states the certificate was revoked and you will not be able to access that website. The technical name for this process is OCSP or On-line Certificate Status Protocol. You may completely turn off the secure website certificate verification feature in Firefox’s preferences under the encryption tab. If you do this, none of the information discussed here will be sent to any third party certificate provider. An article in our Firefox Knowledge Base gives you information about changing your preferences.

Protection Against Suspected Forgery and Attack Sites Features

The Firefox forgery and attack protection feature displays a warning if the website you are visiting is suspected of impersonating a legitimate website (commonly referred to as a phishing or forgery website) or a site that infiltrates or damages a computer system without your informed consent, including, without limitation, any computer viruses, worms, trojan horses, spyware, computer contaminant and/or other malicious and unwanted software (commonly called an attack site or malware). By default, Firefox checks the web pages that you visit against a blacklist that is downloaded to your hard drive at regularly scheduled intervals (e.g., approximately twice per hour), the rate of frequency may change from time to time. The blacklist does not include the full URL of each suspicious site. Instead, each URL is hashed (obscured so it can't be read) and then broken into portions. Only a portion of each hashed URL is included on the blacklist on your hard drive. If there is a match, Firefox will check with its third party provider to ensure that the website is still on the blacklist. The information sent between Firefox and its third party provider(s) are hashed URLs. In fact, multiple hashed URLs are sent with the real hash so that the third party provider(s) will not know what site you are visiting. If there is a match, Firefox displays either a “Reported Web Forgery” or “Reported Attack Site” alert, as applicable.

You may completely turn off the forgery and/or attack site protection features in Firefox’s preferences. If you do this, none of the information discussed here will be downloaded to your hard drive or sent to any third party service provider. An article in our Firefox Knowledge Base gives you information about changing your preferences.

Each time Firefox checks in with a third party provider to download a new blacklist, Non-Personal Information and Potentially Personal Information, such as the information that the browser sends every time you visit a website as well as the version number of the blacklist on your system, is sent to a third party provider. In order to safeguard your privacy, Firefox will not transmit the complete URL of web pages that you visit to anyone. While it is possible that a third party service provider may determine the actual URL from the hashed URL sent, Mozilla’s third party service providers have entered into a written agreement with Mozilla not to use any data or other information about or from users of Firefox for purposes other than to provide and maintain their service. In addition, in no event will these third party service providers correlate any Firefox user data with any other data collected through other products, services or web properties of that provider. These third party service providers may inform you about additional notices regarding their applicable privacy policies. (For example, see Google Safe Browsing Service in Mozilla Firefox Version 3.)

Please note that we’re not yelling at you in this paragraph. Our lawyers have advised us that we need to make sure this information is conspicuous so you’ll read it. The forgery and attack site protection feature is provided “as is” and for your information as advice and guidance only. Mozilla and its contributors, licensors and partners do not guarantee that these protection features will prevent you from being deceived by a malicious website and we strongly recommend that you continue to be vigilant while online, particularly when following links sent to you in e-mail. The Mozilla Firefox End User License Software Agreement describes this in more detail.

Cookies

A cookie is a small string of information that a website stores on your computer and that web browsers make available to that website each time you return. Firefox stores cookies on your computer when requested to do so by websites. A website uses cookies to help identify and track visitors, the use of the website, and visitors’ website access preferences across multiple requests and visits. It is possible to include Personally-Identifying Information, or references to such information, in cookies, thereby enabling websites to track the online movements of particular individuals. To prevent Firefox from sending cookies to specific websites, configure Firefox to prompt you when a website wants to set a cookie. To prevent Firefox from sending cookies to any website, configure it to disable cookies. An article in our Firefox Knowledge Base gives you information about changing these preferences.

Privacy Policy Changes

Mozilla may change the Firefox Privacy Policy from time to time. Any and all changes will be reflected on this page. When Mozilla changes this policy in a material way, a notice will be posted on the www.mozilla.org Web site. Substantive changes may also be announced through the standard mechanisms by which Mozilla communicates with its users and community, including Mozilla's "announce" mailing list and newsgroup. It is your responsibility to ensure that you understand the terms of this Privacy Policy. You should periodically check this page for any changes to the current policy.

For More Information

If you have questions about this privacy policy, please contact Mozilla at: privacy at mozilla dot com.